techcommunity.microsoft.com
Open in
urlscan Pro
23.37.56.116
Public Scan
Submitted URL: https://aka.ms/MEM-ADEModernAuth-Blog
Effective URL: https://techcommunity.microsoft.com/t5/intune-customer-success/setup-assistant-with-modern-authentication-for-ade-intune-public/ba-p...
Submission: On September 13 via api from US — Scanned from DE
Effective URL: https://techcommunity.microsoft.com/t5/intune-customer-success/setup-assistant-with-modern-authentication-for-ade-intune-public/ba-p...
Submission: On September 13 via api from US — Scanned from DE
Form analysis 2 forms found in the DOM
Name: form_64141faf61fad1 — POST https://techcommunity.microsoft.com/t5/blogs/v2/blogarticlepage.searchformv32.form.form
<form enctype="multipart/form-data" class="lia-form lia-form-inline SearchForm" action="https://techcommunity.microsoft.com/t5/blogs/v2/blogarticlepage.searchformv32.form.form" method="post" id="form_64141faf61fad1" name="form_64141faf61fad1">
<div class="t-invisible"><input value="blog-id/IntuneCustomerSuccess/article-id/2522" name="t:ac" type="hidden"><input value="search/contributions/page" name="t:cp" type="hidden"><input
value="s4jrF-8vaszXWwYHgED2sJ8dp-VmCaFHoDAsBdGncqCGTJHVgVcp0tiEkUE2cT5vuT09g5D-O6lD7Mxyya_8Yfa8NIZm4v8NHcG26yr_BdMcAyPtX_SlzSO87N-ji2d_iasj7254UC9llM0II9BDT4qW4g68JdJeW6qDTbrSXdSxlCg-9wTQTGTioUPlOzOIba2OiSyJp_Ilpm9uT7_QQCUQIoWaef2oz_WGDdrhqtgIw9CW53_sm1zWgCuDV9cH2qPwLwBDmr-snHPxoCo-a8p699OW82bZNW0wmsgZt1zyslk-3Tg8yFENMe-LDTWbyV64vV3cXoysKiY-xX9Xf1KOoFIJDNNQM9JfopraGFMVc4PkPe0fsBiI8g58CEiNoOfxNunX8s6MDD03SLwVeEQbXYAv6-NHYB_UV8WLX3Mjp1v-a6RF5Lw8O4_h2u6l_L5roG60H0lz0WnbkXEYl-6JWaX79DNS7TWca-ricv7uoBhfY3xx-z6LQvMIFNJRmDWKcEfdiDpeiKvomnaJxIH2RjD-t7BhMDpvRHX0Hno28neY06KD3zTD4qn5ik3xuuaOB8InUpMd20Si4t__IO8NmQFRO5V5DdqLL4fnXnwyMgCBpt9ag5_IVout8tjjRVdC_GCMluf6ThUBjXDq7toUQ7I0DKnr78YedfhT74d1uT7YYWbmFAvvG87_rJOUZ0jLbu4eXEsL7eVW5cQFV5ZxmQ3P6ZuBtoPW_OzkRy9m-fPxo1Ca_jbU4ZZmQzS2aCZZk4GTc-CoW6gwjAjpU_beJ1WcDyth-l6F1URnNRvoiDpT1iReJ6UdzSt2_VZ531EZOd30j33i06EjTB3k8G6k8MC3Di38FM_NC1SnUfYk6J-hbtESvEK-yMYEX7WHJ8mxJThxpUA_qoe9c3PX241xoNparPJkzC4XX7ar48UL2b3sv2W3DoiyHzyR3OfuUipXFlzau10p69cmBiSmrWHZ2HHiAtphyf-exW2ywiEurvlvZduDTyNH7hMnGaTrcP30aYhU_Dmrf9sNyZcKpWwabd5ALqGHsW9_bdE6u94cddGADQ00Uekc-OuRFst72HST4vNRG8PTeHAsN1WkCfBOwOKAoQs7P9yixVgyGfHDK-qhqQ53fneCeLzJwvutBxaQpggopT9LxZj843NEIxqwfQV6s6ZkMRt4WH2KZ7C51ataG7bug8aP6NyVPT8SqrztycE_j9nGCFUFZ1DwsaenPt2cSA-IuMvp7W6hBxAjnYhXaBVj7WmVdbD1T5WqDIsM4J6aV2WIIILPV2b7Gg.."
name="lia-form-context" type="hidden"><input value="BlogArticlePage:blog-id/IntuneCustomerSuccess/article-id/2522:searchformv32.form:" name="liaFormContentKey" type="hidden"><input
value="dzOv4c3RXyNwwkfp7lwVMGy6yiU=:H4sIAAAAAAAAALWRQUrDQBSGn4WuigiiN9DtRNRuVIQiKELVYHAtM+lrGk0ycWbSxI1H6QnES3Thzjt4ALeuXDiTRKlVMJG4CvO/8H/fm7l/gXa6D3sSqXBHlssjJXyWKJ9H0rKphzvFZMhFON7aJDJhoa/Kj/kbMyUFdLnwCI2pO0KiaIxSidsucbnAwGeEUYmkx3RIXXXoYzBYc1Al8frFtPO8+vjWgoU+dHI2D05piAqW+1d0TK2ARp7laKXI281iBYsF+KAANyDeqytuC+6ilI7pkVLTpg+D7eHr5KkFkMXpGZxUNQp1jU7L0JT/EMkbuAPQ91GOnHyUqzTOMqh2eg521VZ1zWotsfJ9icuN/wAWmxzDUdXiRKKYrZw7fyywZPLZJ2gOUVs54urLLcydP5VN/kflXxC58jtO8j6qQQQAAA=="
name="t:formdata" type="hidden"></div>
<div class="lia-inline-ajax-feedback">
<div class="AjaxFeedback" id="feedback_64141faf61fad1"></div>
</div>
<input value="U4OPqQjM4hztn0SgLz2zskMDjjD45ZNVt_aUq7ZU6fs." name="lia-action-token" type="hidden">
<input value="form_64141faf61fad1" id="form_UIDform_64141faf61fad1" name="form_UID" type="hidden">
<input value="" id="form_instance_keyform_64141faf61fad1" name="form_instance_key" type="hidden">
<span class="lia-search-input-wrapper">
<span class="lia-search-input-field">
<span class="lia-button-wrapper lia-button-wrapper-secondary lia-button-wrapper-searchForm-action"><input value="searchForm" name="submitContextX" type="hidden"><input class="lia-button lia-button-secondary lia-button-searchForm-action"
value="Search" id="submitContext_64141faf61fad1" name="submitContext" type="submit"></span>
<input placeholder="Search the community" aria-label="Search" title="Search" class="lia-form-type-text lia-autocomplete-input search-input lia-search-input-message" value="" id="messageSearchField_64141faf61fad1_0" name="messageSearchField"
type="text" aria-autocomplete="both" autocomplete="off">
<div class="lia-autocomplete-container" style="display: none; position: absolute;">
<div class="lia-autocomplete-header">Enter a search word</div>
<div class="lia-autocomplete-content">
<ul></ul>
</div>
<div class="lia-autocomplete-footer">
<a class="lia-link-navigation lia-autocomplete-toggle-off lia-link-ticket-post-action lia-component-search-action-disable-auto-complete" data-lia-action-token="wxOJfjq7CT_SPRCdc9v18p4hdS01URRSZX29xhvZsN8." rel="nofollow" id="disableAutoComplete_64141faf9a02f8" href="https://techcommunity.microsoft.com/t5/blogs/v2/blogarticlepage.disableautocomplete:disableautocomplete?t:ac=blog-id/IntuneCustomerSuccess/article-id/2522&t:cp=action/contributions/searchactions">Turn off suggestions</a>
</div>
</div>
<input placeholder="Search the community" aria-label="Search" title="Search" class="lia-form-type-text lia-autocomplete-input search-input lia-search-input-tkb-article lia-js-hidden" value="" id="messageSearchField_64141faf61fad1_1"
name="messageSearchField_0" type="text" aria-autocomplete="both" autocomplete="off">
<div class="lia-autocomplete-container" style="display: none; position: absolute;">
<div class="lia-autocomplete-header">Enter a search word</div>
<div class="lia-autocomplete-content">
<ul></ul>
</div>
<div class="lia-autocomplete-footer">
<a class="lia-link-navigation lia-autocomplete-toggle-off lia-link-ticket-post-action lia-component-search-action-disable-auto-complete" data-lia-action-token="VLvVJA1-dL58Z0cR_8BuzHAWgtVqR1ELU4L_IPguaiw." rel="nofollow" id="disableAutoComplete_64141fb01e06b6" href="https://techcommunity.microsoft.com/t5/blogs/v2/blogarticlepage.disableautocomplete:disableautocomplete?t:ac=blog-id/IntuneCustomerSuccess/article-id/2522&t:cp=action/contributions/searchactions">Turn off suggestions</a>
</div>
</div>
<input placeholder="Search all content" ng-non-bindable="" title="Enter a user name or rank" class="lia-form-type-text UserSearchField lia-search-input-user search-input lia-js-hidden lia-autocomplete-input"
aria-label="Enter a user name or rank" value="" id="userSearchField_64141faf61fad1" name="userSearchField" type="text" aria-autocomplete="both" autocomplete="off">
<div class="lia-autocomplete-container" style="display: none; position: absolute;">
<div class="lia-autocomplete-header">Enter a user name or rank</div>
<div class="lia-autocomplete-content">
<ul></ul>
</div>
<div class="lia-autocomplete-footer">
<a class="lia-link-navigation lia-autocomplete-toggle-off lia-link-ticket-post-action lia-component-search-action-disable-auto-complete" data-lia-action-token="_2M4P3kXD7IYZptRZ9kfz5C5kf0j4mU0qr6o7xIygRU." rel="nofollow" id="disableAutoComplete_64141fb07259d8" href="https://techcommunity.microsoft.com/t5/blogs/v2/blogarticlepage.disableautocomplete:disableautocomplete?t:ac=blog-id/IntuneCustomerSuccess/article-id/2522&t:cp=action/contributions/searchactions">Turn off suggestions</a>
</div>
</div>
<input title="Enter a search word" class="lia-form-type-text NoteSearchField lia-search-input-note search-input lia-js-hidden lia-autocomplete-input" aria-label="Enter a search word" value="" id="noteSearchField_64141faf61fad1_0"
name="noteSearchField" type="text" aria-autocomplete="both" autocomplete="off">
<div class="lia-autocomplete-container" style="display: none; position: absolute;">
<div class="lia-autocomplete-header">Enter a search word</div>
<div class="lia-autocomplete-content">
<ul></ul>
</div>
<div class="lia-autocomplete-footer">
<a class="lia-link-navigation lia-autocomplete-toggle-off lia-link-ticket-post-action lia-component-search-action-disable-auto-complete" data-lia-action-token="2tYSYfIgbx3bf4JVaZVZSRforTze1noOkybATvJeRvQ." rel="nofollow" id="disableAutoComplete_64141fb0ab1100" href="https://techcommunity.microsoft.com/t5/blogs/v2/blogarticlepage.disableautocomplete:disableautocomplete?t:ac=blog-id/IntuneCustomerSuccess/article-id/2522&t:cp=action/contributions/searchactions">Turn off suggestions</a>
</div>
</div>
<input class="lia-as-search-action-id" name="as-search-action-id" type="hidden">
</span>
</span>
<span class="lia-cancel-search" tabindex="0">cancel</span>
</form>Name: form — POST https://techcommunity.microsoft.com/t5/blogs/v2/blogarticlepage.searchformv32.form.form
<form enctype="multipart/form-data" class="lia-form lia-form-inline SearchForm" action="https://techcommunity.microsoft.com/t5/blogs/v2/blogarticlepage.searchformv32.form.form" method="post" id="form" name="form">
<div class="t-invisible"><input value="blog-id/IntuneCustomerSuccess/article-id/2522" name="t:ac" type="hidden"><input value="search/contributions/page" name="t:cp" type="hidden"><input
value="gt7rRk1YCeD-9nQldQcDPvy4RZkHe397oNA9cnW80l1a0DHcANODrCKUhXRcGFOjoYdAa8q9y_eVzcbvecJKXXWElWK837U3Q5P9i7Frr4CbzMQ3ISFGG8C7nidOGYodP1VUf-kXQENb8m06VfLfPL4u_qLv3tu6GLk99CuwbmUqEDwZQDSkEVxTbch703QvV5X1_iIRBtH4cEw4ePZ4_OXTSMQN0Ye17bx3Kc_H8TyldYy05FXILgteLSiAZiszi3NTMxRsofa5dtth1FfVQiLYV6i4fnZWA5WaRrL319MxeLMO1FylpJxwRomw7qrInknvDxIwPjMNtAo55QXdr7K3BRAVDgrFEEL0ZbLG-HzLlDh_qSPNuQFak1WS8FmnOsHW6st3-tcxywJGUj6pyt7E7-j_hEdio1A7bM3bX7ClOTvBimO7i0IeAM6FBcXXMj3x3JxIoEkrczAMFF3Gpfqa_XqOyiBgyTTTR08iRBRawZbUJZ0g3itXSlBBFFEbVTgT5omGifTdW7sJToR-mfCqCJGlbgJD53Hc2kJNs7qx44qLxzT1p2N_rpdlwmH7B47SNdHx7PF97y7LlLg4nnAu-785BykJpn_pBTPA0_HSlcWEw9zLwj0yGGvXegzofBEJnQWjeSwih5GU2FYBUidGGFh8aO64CnMTCSuQyddvw7AfG-TTQX_LFx5kkbajAxLX4lx2nZ8rup2VqU2h4ViVibn5f4Kv2eTzvmSRVrlXbpMNkl1xujx_3EXS6S2bhG5QbzhT4iOIoxwWVEoUseQhEVZqUDiQQxzPySoDd7LLAhIZ6q6eQ8wFylCtAjkDUBO0SHL44zgZIdBZaqjqsdYjADenw0EMjGSFvcRN0jNRvN38iux8UTZyMCBNLIfv86SCz-u4QudDymwIkk9jahyS9xHnbyjh7kit3u_aOT4K-FmuxyLuQifT5HOre4f09iy5coZhkli7wnSCb-LC1VgQmqCaGCCOTYyZeZ9BKO-njZNrVlY2cag_mRVtb_z_d_-yDwymfmm-BmyhY3hMhOlMXNN8mjbq9laU3ydi30NXuDpugCpV4cCXwKSewWtUoYekUPRLSRAiKjw7O3iTn53bdI9T7S5iOoUkpwoAsqVcCLP8G52hBGEzLShoIhaJX1vsxVYzNUT4515LpZ8ZskVaN7Dq5TH_pPLPqKZIhH4."
name="lia-form-context" type="hidden"><input value="BlogArticlePage:blog-id/IntuneCustomerSuccess/article-id/2522:searchformv32.form:" name="liaFormContentKey" type="hidden"><input
value="dzOv4c3RXyNwwkfp7lwVMGy6yiU=:H4sIAAAAAAAAALWRQUrDQBSGn4WuigiiN9DtRNRuVIQiKELVYHAtM+lrGk0ycWbSxI1H6QnES3Thzjt4ALeuXDiTRKlVMJG4CvO/8H/fm7l/gXa6D3sSqXBHlssjJXyWKJ9H0rKphzvFZMhFON7aJDJhoa/Kj/kbMyUFdLnwCI2pO0KiaIxSidsucbnAwGeEUYmkx3RIXXXoYzBYc1Al8frFtPO8+vjWgoU+dHI2D05piAqW+1d0TK2ARp7laKXI281iBYsF+KAANyDeqytuC+6ilI7pkVLTpg+D7eHr5KkFkMXpGZxUNQp1jU7L0JT/EMkbuAPQ91GOnHyUqzTOMqh2eg521VZ1zWotsfJ9icuN/wAWmxzDUdXiRKKYrZw7fyywZPLZJ2gOUVs54urLLcydP5VN/kflXxC58jtO8j6qQQQAAA=="
name="t:formdata" type="hidden"></div>
<div class="lia-inline-ajax-feedback">
<div class="AjaxFeedback" id="feedback"></div>
</div>
<input value="u55jFg9Zt6ujxjLPV4pI3Plb9lkDYNc8HFN3SkLIVDA." name="lia-action-token" type="hidden">
<input value="form" id="form_UIDform" name="form_UID" type="hidden">
<input value="" id="form_instance_keyform" name="form_instance_key" type="hidden">
<span class="lia-search-input-wrapper">
<span class="lia-search-input-field">
<span class="lia-button-wrapper lia-button-wrapper-secondary lia-button-wrapper-searchForm-action"><input value="searchForm" name="submitContextX" type="hidden"><input class="lia-button lia-button-secondary lia-button-searchForm-action"
value="Search" id="submitContext" name="submitContext" type="submit"></span>
<input placeholder="Search the community" aria-label="Search" title="Search" class="lia-form-type-text lia-autocomplete-input search-input lia-search-input-message" value="" id="messageSearchField_0" name="messageSearchField" type="text"
aria-autocomplete="both" autocomplete="off">
<div class="lia-autocomplete-container" style="display: none; position: absolute;">
<div class="lia-autocomplete-header">Enter a search word</div>
<div class="lia-autocomplete-content">
<ul></ul>
</div>
<div class="lia-autocomplete-footer">
<a class="lia-link-navigation lia-autocomplete-toggle-off lia-link-ticket-post-action lia-component-search-action-disable-auto-complete" data-lia-action-token="kT1sjwbieKkyaILG2JNlC5QfdEnt1Ecbu6i8qlRcCXc." rel="nofollow" id="disableAutoComplete_64141fb142eec7" href="https://techcommunity.microsoft.com/t5/blogs/v2/blogarticlepage.disableautocomplete:disableautocomplete?t:ac=blog-id/IntuneCustomerSuccess/article-id/2522&t:cp=action/contributions/searchactions">Turn off suggestions</a>
</div>
</div>
<input placeholder="Search the community" aria-label="Search" title="Search" class="lia-form-type-text lia-autocomplete-input search-input lia-search-input-tkb-article lia-js-hidden" value="" id="messageSearchField_1"
name="messageSearchField_0" type="text" aria-autocomplete="both" autocomplete="off">
<div class="lia-autocomplete-container" style="display: none; position: absolute;">
<div class="lia-autocomplete-header">Enter a search word</div>
<div class="lia-autocomplete-content">
<ul></ul>
</div>
<div class="lia-autocomplete-footer">
<a class="lia-link-navigation lia-autocomplete-toggle-off lia-link-ticket-post-action lia-component-search-action-disable-auto-complete" data-lia-action-token="Hm9p__YbyzJmFWjKodlsJ0wdQh9hs9s6gBhzHRhFTmQ." rel="nofollow" id="disableAutoComplete_64141fb176a12a" href="https://techcommunity.microsoft.com/t5/blogs/v2/blogarticlepage.disableautocomplete:disableautocomplete?t:ac=blog-id/IntuneCustomerSuccess/article-id/2522&t:cp=action/contributions/searchactions">Turn off suggestions</a>
</div>
</div>
<input placeholder="Search all content" ng-non-bindable="" title="Enter a user name or rank" class="lia-form-type-text UserSearchField lia-search-input-user search-input lia-js-hidden lia-autocomplete-input"
aria-label="Enter a user name or rank" value="" id="userSearchField" name="userSearchField" type="text" aria-autocomplete="both" autocomplete="off">
<div class="lia-autocomplete-container" style="display: none; position: absolute;">
<div class="lia-autocomplete-header">Enter a user name or rank</div>
<div class="lia-autocomplete-content">
<ul></ul>
</div>
<div class="lia-autocomplete-footer">
<a class="lia-link-navigation lia-autocomplete-toggle-off lia-link-ticket-post-action lia-component-search-action-disable-auto-complete" data-lia-action-token="SC7s45SAJuLljBXoMy_mDIgc33i2QitiRLAHKTCMhWQ." rel="nofollow" id="disableAutoComplete_64141fb1a623ae" href="https://techcommunity.microsoft.com/t5/blogs/v2/blogarticlepage.disableautocomplete:disableautocomplete?t:ac=blog-id/IntuneCustomerSuccess/article-id/2522&t:cp=action/contributions/searchactions">Turn off suggestions</a>
</div>
</div>
<input title="Enter a search word" class="lia-form-type-text NoteSearchField lia-search-input-note search-input lia-js-hidden lia-autocomplete-input" aria-label="Enter a search word" value="" id="noteSearchField_0" name="noteSearchField"
type="text" aria-autocomplete="both" autocomplete="off">
<div class="lia-autocomplete-container" style="display: none; position: absolute;">
<div class="lia-autocomplete-header">Enter a search word</div>
<div class="lia-autocomplete-content">
<ul></ul>
</div>
<div class="lia-autocomplete-footer">
<a class="lia-link-navigation lia-autocomplete-toggle-off lia-link-ticket-post-action lia-component-search-action-disable-auto-complete" data-lia-action-token="HHg4qhy0F78k4fVAQWnKr9W6y0UQ84ENWdoUfqTMaY0." rel="nofollow" id="disableAutoComplete_64141fb1ee1d7b" href="https://techcommunity.microsoft.com/t5/blogs/v2/blogarticlepage.disableautocomplete:disableautocomplete?t:ac=blog-id/IntuneCustomerSuccess/article-id/2522&t:cp=action/contributions/searchactions">Turn off suggestions</a>
</div>
</div>
<input class="lia-as-search-action-id" name="as-search-action-id" type="hidden">
</span>
</span>
<span class="lia-cancel-search">cancel</span>
</form>Text Content
We use cookies to improve your experience on our websites and for advertising.
Privacy Statement
Accept all Manage cookies
Skip to main content
Microsoft
Tech Community
Home
Community Hubs
Community Hubs
* Community Hubs Home
* Products
* Special Topics
* Video Hub
Close
PRODUCTS (76)
SPECIAL TOPICS (41)
VIDEO HUB (734)
MOST ACTIVE HUBS
Microsoft Teams
Excel
Exchange
SharePoint
Windows
Office 365
Security, Compliance and Identity
Windows Server
Microsoft Edge Insider
Azure
Microsoft 365
Azure Databases
Fully managed intelligent database services.
Project Bonsai
Create and optimise intelligence for industrial control systems.
Yammer
Connect and engage across your organization.
MOST ACTIVE HUBS
ITOps Talk
Education Sector
Microsoft Learn
Microsoft Localization
Microsoft 365 PnP
Healthcare and Life Sciences
Public Sector
Internet of Things (IoT)
Mixed Reality
Enabling Remote Work
Small and Medium Business
Humans of IT
Empowering technologists to achieve more by humanizing tech.
Green Tech
Raise awareness about sustainability in the tech sector
MVP Award Program
Find out more about the Microsoft MVP Award Program.
VIDEO HUB
Azure
Exchange
Microsoft 365
Microsoft 365 Business
Microsoft 365 Enterprise
Microsoft Edge
Microsoft Outlook
Microsoft Teams
Security
SharePoint
Windows
Browse All Community Hubs
Blogs
Blogs
Events
Events
* Events Home
* Microsoft Ignite
* Microsoft Build
* Community Events
Microsoft Learn
Microsoft Learn
* Home
* Community
* Blog
* Azure
* Dynamics 365
* Microsoft 365
* Security, Compliance & Identity
* Power Platform
* Github
* Teams
* .NET
Lounge
Lounge
* 657K Members
* 5,857 Online
* 1.8M Discussions
Search
Enter a search word
Turn off suggestions
Enter a search word
Turn off suggestions
Enter a user name or rank
Turn off suggestions
Enter a search word
Turn off suggestions
cancel
Turn on suggestions
Showing results for
Show only | Search instead for
Did you mean:
Sign In
Sign In
Enter a search word
Turn off suggestions
Enter a search word
Turn off suggestions
Enter a user name or rank
Turn off suggestions
Enter a search word
Turn off suggestions
cancel
Turn on suggestions
Showing results for
Show only | Search instead for
Did you mean:
* Home
* Microsoft Endpoint Manager
* Intune Customer Success
* Setup Assistant with modern authentication for ADE - Intune Public Preview
* Back to Blog
* Newer Article
* Older Article
SETUP ASSISTANT WITH MODERN AUTHENTICATION FOR ADE - INTUNE PUBLIC PREVIEW
By
Intune Support Team
Published Apr 20 2021 08:00 AM 12K Views
Skip to footer content
Intune Support Team
Microsoft
Apr 20 2021 08:00 AM
* Subscribe to RSS Feed
*
* Mark as New
* Mark as Read
*
* Bookmark
* Subscribe
*
* Email to a Friend
*
* Printer Friendly Page
* Report Inappropriate Content
SETUP ASSISTANT WITH MODERN AUTHENTICATION FOR ADE - INTUNE PUBLIC PREVIEW
Apr 20 2021 08:00 AM
Updated 8/27/21: We're excited to take the preview tag off and share that Setup
Assistant with modern authentication for ADE (iOS/iPadOS 13+ and macOS 10.15+)
is now generally available! See Automatically enroll iOS/iPadOS devices by using
Apple's Automated Device Enrollment on how to use this authentication method on
iOS/iPadOS devices, and Automatically enroll macOS devices with the Apple
Business Manager or Apple School Manager for macOS devices.
We’re excited to announce support for a new authentication method for Apple's
Automated Device Enrollment (ADE) which is Setup Assistant with modern
authentication. This new authentication method is available for iOS/iPadOS
devices running 13.0 and later and for macOS devices running 10.15 and later, in
public preview in Microsoft Endpoint Manager.
For automated device enrollment scenarios where the authentication method is
Setup Assistant with modern authentication, you can create a filter rule based
on the enrollment profile name (enrollmentProfileName). See: Using filters with
Setup Assistant with modern auth for ADE for corporate iOS/iPadOS/macOS
devices to learn more.
OVERVIEW
When creating an ADE enrollment profile, you can choose a new authentication
method: Setup Assistant with modern authentication. This authentication method
for ADE allows your organization to require authentication with Azure Active
Directory (Azure AD) in an out-of-box experience (OOBE) during enrollment with
Setup Assistant, prior to users accessing the home screen. You have the option
to also require multi-factor authentication (MFA) depending on the settings in
your Conditional Access policy.
Users are required to authenticate with their Azure AD credentials twice: once
during enrollment with Setup Assistant, and then again when they sign in to the
Company Portal. After initial authentication with Azure AD during Setup
Assistant, the home screen appears, and users can freely use the device for
resources not protected by Conditional Access. User affinity is established when
a user arrives at the home screen after the setup screens. However, the device
will not show in a user's device list in the Azure AD portal until the user
signs in to Company Portal. The additional sign in to the Company Portal app
fully completes a device’s Azure AD registration and gives the user access to
corporate resources protected by Conditional Access. This method provides all
the security of authenticating with the Company Portal but doesn’t make users
wait until the Company Portal installs on the device before they can start using
it.
The correct Company Portal version will automatically be delivered as a required
app to the device for iOS/iPadOS. We recommend choosing a Volume Purchase
Program (for the enrollment profile. Otherwise, it will be delivered when the
user sets up their Apple ID during the Setup Assistant screens. To learn how to
get the Company Portal on macOS devices, see Add the Company Portal for macOS
app.
COMPANY PORTAL REDIRECTION
A new improvement we’ve made to our onboarding experience helps guide users to
complete that second Azure AD authentication by automatically redirecting to the
iOS/iPadOS Company Portal when the user attempts to access corporate data.
If users open any managed iOS/iPadOS applications that are protected by
Conditional Access and they haven't completed the additional Azure AD sign in to
the iOS/iPadOS Company Portal, they will be redirected to the Company Portal
from those other apps as part of this new change. This way, users are guided to
complete that last step before they can access resources protected by
Conditional Access.
Here is what it will look like if a user tries to open an app protected by
Conditional Access before authenticating in the Company Portal:
Conditional Access block screen.
System prompt that opens the iOS/iPadOS Intune Company Portal.
CONFIGURATION IN MICROSOFT ENDPOINT MANAGER ADMIN CENTER
The Intune documentation explains how to configure the Setup Assistant with
Modern Authentication for iOS/iPadOS device enrollment and macOS device
enrollment. In the Microsoft Endpoint Manager admin center, you can a user for
multi-factor authentication. For instructions, see Require multi-factor
authentication for Intune device enrollments. The following screenshot provides
an example of the prompt locations:
MFA prompt locations for Microsoft Intune and Microsoft Intune Enrolment.
ENROLLING DEVICES WITH USER DEVICE AFFINITY BUT WITHOUT AZURE AD REGISTRATION
For both iOS/iPadOS and macOS, user device affinity (also known as primary user)
in Intune is established when a user lands on the home screen after the Setup
Assistant screens. However, the device is not fully registered with Azure AD
until the additional sign in to Company Portal, as mentioned above. This is also
when device compliance is assessed, and the device shows as compliant in the
Microsoft Endpoint Manager admin center. However, if you would like to keep
devices fully enrolled with Intune but without Azure AD registration, this is
also supported.
After the user completes the initial Azure AD sign in during Setup Assistant, if
there are no resources protected by Conditional Access and if Azure AD
registration is not required, then this authentication method can be used to
fully enroll the device. If you choose this ADE flow, which does not require
users to sign in to the Company Portal post enrollment, you will see the
following device behavior:
* The device will not show up in a user’s device list in the Azure AD portal
(since there is no device identity association within Azure AD).
* The device will not show up as compliant in the Microsoft Endpoint Manager
admin center.
KEEP IN MY MIND
* When enrolling an iOS/iPadOS device with Setup Assistant with Modern
Authentication, app configuration policies are automatically applied to the
iOS/iPadOS device. Don’t send a separate app configuration policy to the
Company Portal for those iOS/iPadOS devices or it will result in an error.
* If you choose Setup assistant with Modern Authentication as the
authentication method for a device that is not running the correct software
version, users will fall back to the legacy Setup Assistant ADE flow.
* For iOS/iPadOS, we recommend selecting to install the Company Portal app from
a VPP token in the enrollment profile. When VPP is used, the application can
be downloaded and installed without user interaction. When VPP isn't used, an
Apple ID is required to install the application. If the user doesn't sign in
to an Apple ID during Setup Assistant, they will be prompted to sign in when
Intune attempts to install the Company Portal.
* For more information about connecting Intune to Apple Volume Purchase
Program (VPP), see How to manage iOS and macOS apps purchased through Apple
Business Manager with Microsoft Intune. Once you have connected to VPP you
can add the Company Portal app to your Apple Business Manager/Apple School
Manager inventory so it can be assigned through Intune.
Let us know if you have any questions by commenting on this post or reaching out
to @IntuneSuppTeam on Twitter.
Post updates:
8/20/21 - added post on using filters with Setup Assistant with modern auth for
ADE for corporate iOS/iPadOS/macOS devices.
8/26/21 - we're excited to take the preview tag off and share that Setup
Assistant with modern authentication for ADE (iOS/iPadOS 13+ and macOS 10.15+)
is now generally available!
* Tags:
* iOS
* macOS
* modern authentication
* Public Preview
* Setup assistant
3 Likes
Like
Share
18 Comments
kpax-io
Occasional Visitor
Apr 21 2021 10:20 AM
* Mark as Read
* Mark as New
*
* Bookmark
*
* Permalink
* Print
* Email to a Friend
*
* Report Inappropriate Content
Apr 21 2021 10:20 AM
I am trying this out on an iPad, the modern auth is working in the setup
assistant and the device gets a management profile applied in this process/
However, from the launcher using 'comp portal' shows the device as not enrolled
and tries to download a new management profile from the workflow, the profile
downloads and fails to install and the device doesn't end up compliant as a
result.
Not sure if it is intentional to have the device try to get a new management
profile after it already has one applied from the setup assistant.
1 Like
Like
Aldo ELIAS
Occasional Contributor
Apr 21 2021 11:01 AM
* Mark as Read
* Mark as New
*
* Bookmark
*
* Permalink
* Print
* Email to a Friend
*
* Report Inappropriate Content
Apr 21 2021 11:01 AM
Hi all,
I also experienced the same issue and this exprience is similar like when you
set-up an enrollment profile without user affinity then try to enroll the device
linked to this profile.
I'll describe here the user experience to help everyone understand well.
// User experience
Language > Country/Region > Network > Device activation + Getting settings >
Remote Management > Gettings settings from "Company Name" > Passcode > ...
Note: Gettings settings from "Company Name" means that the device get ADE
settings from Intune so the first Management profile is dowloaded and applied
here.
After the company portal is installed and the user start the device enrollment,
another Management profile is also downloaded and this one cannot be installed
due to conflict.
I hope all those scenarios will find solutions.
cc: @Intune Support Team
Regards,
AEL
1 Like
Like
kpax-io
Occasional Visitor
Apr 21 2021 11:16 AM
* Mark as Read
* Mark as New
*
* Bookmark
*
* Permalink
* Print
* Email to a Friend
*
* Report Inappropriate Content
Apr 21 2021 11:16 AM
I have made some progress.
Under DEP Profile, tenant admin > customization, I changed this setting 'Device
enrollment' to 'Available, no prompts' from 'Available, with
Prompts'. Additionally, I removed my own account as an enrollment manager.
With these two steps removed the additional profile download is no longer
occurring. In "Comp Portal" under 'Devices' it displays says "Register this
device" for my iPad, but otherwise compliant with policies and the iPad is shown
in the endpoint manager and I am able to use functions from there on the device.
Let us know if any of this is expected,
Thanks,
1 Like
Like
Intune Support Team
Microsoft
Apr 21 2021 12:23 PM
* Mark as Read
* Mark as New
*
* Bookmark
*
* Permalink
* Print
* Email to a Friend
*
* Report Inappropriate Content
Apr 21 2021 12:23 PM
Hi @kpax-io and @Aldo ELIAS, thank you for your feedback! It's helpful for us
while this feature is in public preview and we work through issues that are
found. We will take this issue back to the team to investigate. At the point of
signing into the Company Portal, the device is already enrolled and there should
not be an additional management profile coming down. While we don't have a
specific fix right now, please make sure you are not sending down any app config
policies targeted at the iOS/iPadOS Company Portal app if enrolling your device
with setup assistant with modern authentication for iOS/iPadOS. For iOS/iPadOS,
the correct app config is already being applied automatically behind the scenes
in the enrollment profile, so no app config is needed for the iOS/iPadOS Company
Portal. Sending down an additional app config in this case may result in an
error. We’ll keep this post updated as we learn more. Thanks!
1 Like
Like
Dheeraj Oswal
New Contributor
May 05 2021 11:46 PM
* Mark as Read
* Mark as New
*
* Bookmark
*
* Permalink
* Print
* Email to a Friend
*
* Report Inappropriate Content
May 05 2021 11:46 PM
@Intune Support Team Thankyou for sharing the feature update. Definitely this
is exciting and adds a lot of benefits.
Would like to share the observations that, once the device lands home screen and
Company portal is installed the device checks in automatically and device
records is created on MEM console and the device is marked complaint without
having to manually login to Company portal .
Note- the articles described that CP login is required once the device lands
home screen to access CA protected apps.
1 Like
Like
gokulansubramani
Visitor
May 06 2021 04:08 AM
* Mark as Read
* Mark as New
*
* Bookmark
*
* Permalink
* Print
* Email to a Friend
*
* Report Inappropriate Content
May 06 2021 04:08 AM
When (date) Setup Assistant with Modern Auth will be Generally available?
what is the risk in testing this feature in Production devices.. anything
specific we need to be careful of?
0 Likes
Like
Aldo ELIAS
Occasional Contributor
May 06 2021 02:42 PM
* Mark as Read
* Mark as New
*
* Bookmark
*
* Permalink
* Print
* Email to a Friend
*
* Report Inappropriate Content
May 06 2021 02:42 PM
Hi @gokulansubramani,
Only your context of your company can help you for this kind of decision.
I recommend to test using spare devices and if you feel confident to try with
production devices you accept the risk of enhancement or changes after the
product team change something. You also have to consider your rollback
capabilities and your business impact for each scenarios.
@Intune Support Team can also advise
BR,
AEL
0 Likes
Like
Intune Support Team
Microsoft
May 17 2021 05:36 PM
* Mark as Read
* Mark as New
*
* Bookmark
*
* Permalink
* Print
* Email to a Friend
*
* Report Inappropriate Content
May 17 2021 05:36 PM
Hi @gokulansubramani, thanks for the comment! Though we don't have any ETAs to
currently share, stay tuned to this post for any future updates as well as our
In development and What's new docs for new announcements regarding this feature.
Adding on to @Aldo ELIAS's comment, you may want to start with a pilot or test
group before rolling this feature to your environment. After a successful pilot,
you're ready to start a full production rollout. For more info on user/device
targeting, see: add groups to organize users and devices to learn more. Hope
this helps!
1 Like
Like
Joel Gonzalez
New Contributor
May 24 2021 12:19 PM
* Mark as Read
* Mark as New
*
* Bookmark
*
* Permalink
* Print
* Email to a Friend
*
* Report Inappropriate Content
May 24 2021 12:19 PM
I started using the "Setup Assistant with modern authentication (preview)" and
it seems to work well and the process works as expected.
I did run into an issue when trying to enroll a device using a DEM account
following the same process, enrollment profile.
Once the Company Portal setup starts, I get a "There isn't a device setup for
this account yet" error and it does not allow me to proceed, thus device does
not register.
Anyone else having the same issue?
0 Likes
Like
Roiit
Occasional Contributor
May 28 2021 04:35 AM
* Mark as Read
* Mark as New
*
* Bookmark
*
* Permalink
* Print
* Email to a Friend
*
* Report Inappropriate Content
May 28 2021 04:35 AM
Hi,
When will MS support MFA durin ADE?
Right now if we have MFA requirments during Intune enrollment with Setup
assistant with Modern auth, user are stuck to move on IF they dont have a second
device to configure MFA on?
Is there any plan on creating cloud app "Company portal" where you can choose to
set MFA requirement during Company portal sign in instead during setup
assistant?
That will help us move forward with our ADE solution that requires MFA.
0 Likes
Like
Intune Support Team
Microsoft
Jun 18 2021 11:49 AM
* Mark as Read
* Mark as New
*
* Bookmark
*
* Permalink
* Print
* Email to a Friend
*
* Report Inappropriate Content
Jun 18 2021 11:49 AM
Hi @Joel Gonzalez, thanks for the feedback!
There are a few limitations of devices that are enrolled with a DEM account and
would like to share that DEM accounts cannot be used when enrolling devices via
Apple's Automated Device Enrollment (ADE). See: Enroll devices using a device
enrollment manager account to learn more about current limitations.
If you continue to experience the same "There isn't a device setup for this
account yet" error not working as expected, let’s get you over to our support
folks for further investigation. Please open a support request from within the
Help + support blade, or any of the methods here. Once created, feel free
message us with your support case number so that we can have an eye on the case.
Thanks!
0 Likes
Like
Intune Support Team
Microsoft
Jun 18 2021 01:09 PM
* Mark as Read
* Mark as New
*
* Bookmark
*
* Permalink
* Print
* Email to a Friend
*
* Report Inappropriate Content
Jun 18 2021 01:09 PM
Hi @Roiit, today you can require MFA during enrollment with Setup Assistant and
during CP login, or just during enrollment with Setup Assistant, but not only
during Company Portal login. We appreciate your feedback and have captured this
and shared it with the appropriate folks.
If you’ve configured a Conditional Access policy to require multi-factor
authentication (MFA), then the user will need a second device to complete MFA as
the primary device cannot be used for anything else while it is being
provisioned (e.g. reviewing a phone call or text).
Re: Cloud Apps – See section “Configuration in Microsoft Endpoint Manager admin
center” in our post above for more information on using different cloud apps in
your conditional access policies. No current plans to make the Company Portal a
cloud app for MFA upon CP login only, but keep an eye out on our In development
and What’s new docs for new features coming to Intune. Thanks!
0 Likes
Like
Joel Gonzalez
New Contributor
Jun 21 2021 09:01 AM
* Mark as Read
* Mark as New
*
* Bookmark
*
* Permalink
* Print
* Email to a Friend
*
* Report Inappropriate Content
Jun 21 2021 09:01 AM
@Intune Support Team I reported the issue because it only happens when using
Setup with Modern Authentication, not via the normal method of Company Portal as
authentication. I do have a ticket open - 25759813 - and we have not been able
to determine what the issue is.
0 Likes
Like
Aldo ELIAS
Occasional Contributor
Jun 21 2021 12:26 PM
* Mark as Read
* Mark as New
*
* Bookmark
*
* Permalink
* Print
* Email to a Friend
*
* Report Inappropriate Content
Jun 21 2021 12:26 PM
Hi @Joel Gonzalez,
What do you think about setup MFA exception for Intune enrollment service ?
Maybe it can help you avoid this kind of issue ?
cc @Intune Support Team
Regards,
AEL
0 Likes
Like
Joel Gonzalez
New Contributor
Jun 21 2021 06:22 PM
* Mark as Read
* Mark as New
*
* Bookmark
*
* Permalink
* Print
* Email to a Friend
*
* Report Inappropriate Content
Jun 21 2021 06:22 PM
@Aldo ELIAS my only issue seems to happen when using Setup with Modern
Authentication and then trying to register the device with a DEM account. I get
the error mentioned above, but if I use Company Portal (legacy) as the
authentication method instead the same device will enroll fine with a DEM
account.
0 Likes
Like
Aldo ELIAS
Occasional Contributor
Jun 24 2021 02:55 PM
* Mark as Read
* Mark as New
*
* Bookmark
*
* Permalink
* Print
* Email to a Friend
*
* Report Inappropriate Content
Jun 24 2021 02:55 PM
@Joel Gonzalezis your DEM account with MFA enabled / Enforced ?
Did you try to check the device logs ?
I don't have any idea so I can try to experience your situation but not possible
before 1 week on my side.
0 Likes
Like
Joel Gonzalez
New Contributor
Jun 25 2021 08:31 AM
* Mark as Read
* Mark as New
*
* Bookmark
*
* Permalink
* Print
* Email to a Friend
*
* Report Inappropriate Content
Jun 25 2021 08:31 AM
@Aldo ELIAS no, DEM account does not have MFA enabled.
I reverted to the (Legacy) Setup and everything worked fine, but I would like to
use the Setup with Modern Authentication eventually.
No one seems to know what the error means, which baffles me. I provided the
diagnostic logs on my MS ticket to the thech working on it, but did not get it
resolved.
0 Likes
Like
Jason Salgado
Senior Member
Sep 13 2021 07:43 AM
* Mark as Read
* Mark as New
*
* Bookmark
*
* Permalink
* Print
* Email to a Friend
*
* Report Inappropriate Content
Sep 13 2021 07:43 AM
@Intune Support Team According to MC284343 this is now GA. I tested this
myself and experienced the same as the first 2 posters about an additional
device management profile now tries to download. We don't really have a simple
Intune Environment and have heavily locked down DEP devices that have no apple
id on them. As I tested the following:
Changed the enrollment profile to:
Authentication Method: Setup Assistant w/ Modern Auth
Install company portal with VPP: Token specified.
Device was wiped from the intune console. Upon going through the setup
assistant everything went ok, eventually some apps started to deploy to the
device. Company portal didn't install until 30 minutes later along with the
rest of our deployed apps, based of an Azure function app which moves devices to
device based azure groups to separate out device types. At this time I tried to
open Outlook, which I believe it stated the device needed to be registered,
added to Authenticator, then proceeded to open CP. At this time it downloaded
another device management profile, which can't be installed. I only have the CP
deployed to a device based group but there is no app config policy for it. Same
issue as the above posters.
0 Likes
Like
You must be a registered user to add a comment. If you've already registered,
sign in. Otherwise, register and sign in.
* Comment
%3CLINGO-SUB%20id%3D%22lingo-sub-2280473%22%20slang%3D%22en-US%22%3ERe%3A%20Setup%20Assistant%20with%20Modern%20Auth%20for%20ADE%20(iOS%2FiPadOS%2013%2B%20and%20macOS%2010.15%2B)%20-%20Intune%20Public%20Previ%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2280473%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20trying%20this%20out%20on%20an%20iPad%2C%20the%20modern%20auth%20is%20working%20in%20the%20setup%20assistant%20and%20the%20device%20gets%20a%20management%20profile%20applied%20in%20this%20process%2F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20from%20the%20launcher%20using%20'comp%20portal'%20shows%20the%20device%20as%20not%20enrolled%20and%20tries%20to%20download%20a%20new%20management%20profile%20from%20the%20workflow%2C%20the%20profile%20downloads%20and%20fails%20to%20install%20and%20the%20device%20doesn't%20end%20up%20compliant%20as%20a%20result.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENot%20sure%20if%20it%20is%20intentional%20to%20have%20the%20device%20try%20to%20get%20a%20new%20management%20profile%20after%20it%20already%20has%20one%20applied%20from%20the%20setup%20assistant.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2280540%22%20slang%3D%22fr-FR%22%3ERe%3A%20Setup%20Assistant%20with%20Modern%20Auth%20for%20ADE%20(iOS%2FiPadOS%2013%20and%20macOS%2010.15)%20-%20Intune%20Public%20Previ%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2280540%22%20slang%3D%22fr-FR%22%3E%3CP%3EHi%20all%2C%20%3CBR%20%2F%3E%20I%20also%20experienced%20the%20same%20issue%20and%20this%20experience%20is%20similar%20like%20when%20you%20set-up%20an%20enrollment%20profile%20without%20user%20affinity%20then%20try%20to%20enroll%20the%20device%20linked%20to%20this%20profile.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EI'll%20describe%20here%20the%20user%20experience%20to%20help%20everyone%20understand%20well.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EUser%20experience%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3ELanguage%20%26gt%3B%20Country%2FRegion%20%26gt%3B%20Network%20%26gt%3B%20Device%20activation%20-%20Getting%20settings%20%26gt%3B%20Remote%20Management%20%26gt%3B%20Gettings%20settings%20from%20%22Company%20Name%22%20%26gt%3B%20Passcode%20%26gt%3B%20...%3C%2FP%3E%3CP%3E%3CSTRONG%3E%3CU%3ENote%3A%3C%2FU%3E%3C%2FSTRONG%3E%20Gettings%20settings%20from%20%22Company%20Name%22%20means%20that%20the%20device%20get%20ADE%20settings%20from%20Intune%20so%20the%20first%20Management%20profile%20is%20dowloaded%20and%20applied%20here.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAfter%20the%20company%20portal%20is%20installed%20and%20the%20user%20start%20the%20device%20enrollment%2C%20another%20Management%20profile%20is%20also%20downloaded%20and%20this%20one%20cannot%20be%20installed%20due%20to%20conflict.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20hope%20all%20those%20scenarios%20will%20find%20solutions.%3C%2FP%3E%3CP%3Ecc%3A%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226779%22%20target%3D%22_blank%22%3E%40Intune%20Support%20Team%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELooks%3C%2FP%3E%3CP%3EAEL%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2280630%22%20slang%3D%22en-US%22%3ERe%3A%20Setup%20Assistant%20with%20Modern%20Auth%20for%20ADE%20(iOS%2FiPadOS%2013%2B%20and%20macOS%2010.15%2B)%20-%20Intune%20Public%20Previ%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2280630%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1032892%22%20target%3D%22_blank%22%3E%40kpax-io%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F65545%22%20target%3D%22_blank%22%3E%40Aldo%20ELIAS%3C%2FA%3E%2C%26nbsp%3Bthank%20you%20for%20your%20feedback!%20It's%20helpful%20for%20us%20while%20this%20feature%20is%20in%20public%20preview%20and%20we%20work%20through%20issues%20that%20are%20found.%20We%20will%20take%20this%20issue%20back%20to%20the%20team%20to%20investigate.%20At%20the%20point%20of%20signing%20into%20the%20Company%20Portal%2C%20the%20device%20is%20already%20enrolled%20and%20there%20should%20not%20be%20an%20additional%20management%20profile%20coming%20down.%20While%20we%20don't%20have%20a%20specific%20fix%20right%20now%2C%20please%20make%20sure%20you%20are%20not%20sending%20down%20any%20app%20config%20policies%20targeted%20at%20the%20iOS%2FiPadOS%20Company%20Portal%20app%20if%20enrolling%20your%20device%20with%20setup%20assistant%20with%20modern%20authentication%20for%20iOS%2FiPadOS.%20For%20iOS%2FiPadOS%2C%20the%20correct%20app%20config%20is%20already%20being%20applied%20automatically%20behind%20the%20scenes%20in%20the%20enrollment%20profile%2C%20so%20no%20app%20config%20is%20needed%20for%20the%20iOS%2FiPadOS%20Company%20Portal.%20Sending%20down%20an%20additional%20app%20config%20in%20this%20case%20may%20result%20in%20an%20error.%20We%E2%80%99ll%20keep%20this%20post%20updated%20as%20we%20learn%20more.%20Thanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2279061%22%20slang%3D%22en-US%22%3ESetup%20Assistant%20with%20Modern%20Auth%20for%20ADE%20(iOS%2FiPadOS%2013%2B%20and%20macOS%2010.15%2B)%20-%20Intune%20Public%20Preview%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2279061%22%20slang%3D%22en-US%22%3E%3CP%3EWe%E2%80%99re%20excited%20to%20announce%20support%20for%20a%20new%20authentication%20method%20for%20Automated%20Device%20Enrollment%20(ADE)%20which%20is%20Setup%20Assistant%20with%20Modern%20Authentication.%20This%20new%20authentication%20method%20will%20be%20available%20for%20iOS%2FiPadOS%20devices%20running%2013.0%20and%20later%20and%20for%20macOS%20devices%20running%2010.15%20and%20later%2C%20in%20public%20preview%20in%20Microsoft%20Endpoint%20Manager.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-2005192789%22%20id%3D%22toc-hId-2005192763%22%20id%3D%22toc-hId-2005192763%22%20id%3D%22toc-hId-2005192763%22%20id%3D%22toc-hId-2005192763%22%20id%3D%22toc-hId-2005192763%22%20id%3D%22toc-hId-2005192763%22%20id%3D%22toc-hId-2005192763%22%20id%3D%22toc-hId-2005192763%22%20id%3D%22toc-hId-2005192763%22%20id%3D%22toc-hId-2005192763%22%20id%3D%22toc-hId-2005192763%22%20id%3D%22toc-hId-2005192763%22%20id%3D%22toc-hId-2005192763%22%20id%3D%22toc-hId-2005192763%22%20id%3D%22toc-hId-2005192763%22%20id%3D%22toc-hId-2005192763%22%3EOverview%3C%2FH3%3E%0A%3CP%3EThis%20new%20authentication%20method%20for%20automated%20device%20enrollment%20will%20allow%20your%20organization%20to%20require%20authentication%20with%20Azure%20AD%20(required)%20and%20multi-factor%20authentication%20(optional)%20in%20order%20to%20successfully%20enroll%20the%20device.%20The%20end%20user%20will%20be%20required%20to%20authenticate%20with%20their%20Azure%20AD%20credentials%20during%20Setup%20Assistant%2C%20with%20an%20additional%20Azure%20AD%20login%20to%20the%20Company%20Portal%20after%20enrollment.%20If%20the%20admin%20has%20a%20Conditional%20Access%20policy%20that%20requires%20multi-factor%20authentication%20(at%20enrollment%20only%2C%20or%20enrollment%20and%20Company%20Portal%20login)%20then%20MFA%20will%20be%20required%2C%20otherwise%20it%20is%20optional.%20This%20will%20benefit%20organizations%20that%20are%20looking%20to%20require%20authentication%20in%20the%20out-of-box%20experience%20(OOBE)%20during%20enrollment%20in%20the%20Setup%20Assistant%20screens%20prior%20to%20users%20accessing%20the%20home%20screen.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EEnrollment%20is%20completed%20once%20the%20user%20lands%20on%20the%20home%20screen%2C%20and%20users%20can%20freely%20use%20the%20device%20for%20resources%20not%20protected%20by%20Conditional%20Access.%20User%20affinity%20is%20established%20when%20users%20land%20on%20the%20home%20screen%20after%20the%20setup%20screens%2C%20however%20the%20device%20will%20not%20be%20fully%20registered%20with%20Azure%20AD%20until%20the%20Company%20Portal%20login.%20The%20device%20will%20not%20show%20up%20in%20a%20given%20user's%20device%20list%20in%20the%20Azure%20AD%20portal%20until%20the%20Company%20Portal%20login.%20That%20additional%20Azure%20AD%20login%20to%20the%20Company%20Portal%20app%20fully%20completes%20Azure%20AD%20registration.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhen%20creating%20an%20Automated%20Device%20Enrollment%20profile%2C%20you'll%20be%20able%20to%20choose%20a%20new%20authentication%20method%3A%20%3CSTRONG%3ESetup%20Assistant%20with%20modern%20authentication%20(preview)%3C%2FSTRONG%3E.%20This%20method%20provides%20all%20the%20security%20from%20authenticating%20with%20the%20Company%20Portal%20but%20avoids%20the%20issue%20of%20leaving%20end%20users%20stuck%20on%20a%20device%20they%20can't%20use%20while%20the%20Company%20Portal%20installs%20on%20the%20device.%20With%20this%20new%20authentication%20method%2C%20the%20user%20has%20to%20authenticate%20using%20Azure%20AD%20credentials%20during%20the%20setup%20assistant%20screens.%20This%20will%20require%20an%20additional%20Azure%20AD%20login%20post-enrollment%20in%20in%20the%20Company%20Portal%20app%20to%20gain%20access%20to%20corporate%20resources%20protected%20by%20Conditional%20Access.%20The%20correct%20Company%20Portal%20version%20will%20automatically%20be%20sent%20down%20as%20a%20required%20app%20to%20the%20device%20for%20iOS%2FiPadOS%2C%20which%20we%20recommend%20choosing%20a%20VPP%20token%20for%20the%20enrollment%20profile.%20Otherwise%2C%20it%20will%20be%20sent%20down%20if%20the%20end%20user%20completes%20setting%20up%20their%20Apple%20ID%20during%20the%20Setup%20Assistant%20screens.%20For%20macOS%2C%20here%20are%20the%20options%20to%20get%20the%20Company%20Portal%20on%20the%20device%20-%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fapps%2Fapps-company-portal-macos%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAdd%20the%20Company%20Portal%20for%20macOS%20app%20-%20Microsoft%20Intune%20%7C%20Microsoft%20Docs%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20the%20admin%20configures%20a%20Conditional%20Access%20policy%20to%20require%20multi-factor%20authentication%20(MFA)%2C%20then%20the%20end%20user%20will%20need%20a%20second%20device%20to%20complete%20MFA.%20Multi-factor%20authentication%20is%20optional%20based%20on%20the%20configuration%20of%20the%20MFA%20Azure%20AD%20settings.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-197738326%22%20id%3D%22toc-hId-197738300%22%20id%3D%22toc-hId-197738300%22%20id%3D%22toc-hId-197738300%22%20id%3D%22toc-hId-197738300%22%20id%3D%22toc-hId-197738300%22%20id%3D%22toc-hId-197738300%22%20id%3D%22toc-hId-197738300%22%20id%3D%22toc-hId-197738300%22%20id%3D%22toc-hId-197738300%22%20id%3D%22toc-hId-197738300%22%20id%3D%22toc-hId-197738300%22%20id%3D%22toc-hId-197738300%22%20id%3D%22toc-hId-197738300%22%20id%3D%22toc-hId-197738300%22%20id%3D%22toc-hId-197738300%22%20id%3D%22toc-hId-197738300%22%3ECompany%20Portal%20Redirection%3C%2FH3%3E%0A%3CP%3EA%20new%20improvement%20we%E2%80%99ve%20made%20to%20our%20onboarding%20experience%20helps%20guide%20end%20users%20to%20complete%20that%20second%20Azure%20AD%20authentication%20by%20automatically%20redirecting%20to%20the%20iOS%2FiPadOS%20Company%20Portal%20when%20the%20user%20attempts%20to%20access%20corporate%20data.%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3EIf%20users%20open%20any%20managed%20iOS%2FiPadOS%20applications%20that%20are%20protected%20by%20Conditional%20Access%20and%20they%20haven't%20completed%20the%20additional%20Azure%20AD%20login%20into%20the%20iOS%2FiPadOS%20Company%20Portal%2C%20they%20will%20be%20redirected%20to%20the%20iOS%2FiPadOS%20Company%20Portal%20from%20those%20other%20apps%20as%20part%20of%20this%20new%20change.%20This%20way%2C%20users%20will%20know%20exactly%20where%20to%20go%20to%20get%20access%20to%20resources%20protected%20by%20Conditional%20Access%20and%20will%20be%20guided%20to%20complete%20that%20last%20step.%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3EHere%20is%20what%20it%20will%20look%20like%20if%20the%20end%20user%20tries%20to%20open%20any%20app%20protected%20by%20Conditional%20Access%20before%20authenticating%20in%20the%20Company%20Portal%20%E2%80%93%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22ModernAuthBlog-1.png%22%20style%3D%22width%3A%20420px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F274044iFE263521860D7B15%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22ModernAuthBlog-1.png%22%20alt%3D%22Conditional%20Access%20block%20screen%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EConditional%20Access%20block%20screen%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22ModernAuthBlog-2.png%22%20style%3D%22width%3A%20594px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F274045iEF33318710A911F8%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22ModernAuthBlog-2.png%22%20alt%3D%22System%20prompt%20that%20opens%20the%20iOS%2FiPadOS%20Company%20Portal%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3ESystem%20prompt%20that%20opens%20the%20iOS%2FiPadOS%20Company%20Portal%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1609716137%22%20id%3D%22toc-hId--1609716163%22%20id%3D%22toc-hId--1609716163%22%20id%3D%22toc-hId--1609716163%22%20id%3D%22toc-hId--1609716163%22%20id%3D%22toc-hId--1609716163%22%20id%3D%22toc-hId--1609716163%22%20id%3D%22toc-hId--1609716163%22%20id%3D%22toc-hId--1609716163%22%20id%3D%22toc-hId--1609716163%22%20id%3D%22toc-hId--1609716163%22%20id%3D%22toc-hId--1609716163%22%20id%3D%22toc-hId--1609716163%22%20id%3D%22toc-hId--1609716163%22%20id%3D%22toc-hId--1609716163%22%20id%3D%22toc-hId--1609716163%22%20id%3D%22toc-hId--1609716163%22%3EConfiguration%20in%20Microsoft%20Endpoint%20Manager%20admin%20center%3C%2FH3%3E%0A%3CP%3ELearn%20how%20to%20configure%20the%20new%20Setup%20Assistant%20with%20Modern%20Authentication%20for%20iOS%2FiPadOS%20and%20macOS%20in%20the%20Microsoft%20Endpoint%20Manager%20admin%20center%20by%20reading%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fenrollment%2Fdevice-enrollment-program-enroll-ios%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnroll%20iOS%2FiPadOS%20devices%20by%20using%20ADE%20-%20Microsoft%20Intune%20%7C%20Microsoft%20Docs%3C%2FA%3E%20and%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fenrollment%2Fdevice-enrollment-program-enroll-macos%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnroll%20macOS%20devices%20-%20Apple%20Business%20Manager%20or%20Apple%20School%20Manager%20%7C%20Microsoft%20Docs%3C%2FA%3E.%20Within%20the%20MEM%20admin%20center%2C%20you%20can%20control%20where%20a%20user%20is%20prompted%20for%20multi-factor%20authentication%20using%20different%20cloud%20apps%20when%20creating%20a%20Conditional%20Access%20policy.%20The%20following%20screenshot%20provides%20an%20example%20of%20the%20prompt%20locations%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22ModernAuthBlog-3.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F274046i1A396ADC6943E4FA%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22ModernAuthBlog-3.png%22%20alt%3D%22MFA%20Prompt%20Locations%20for%20Microsoft%20Intune%20and%20Microsoft%20Intune%20Enrolment%22%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-caption%22%20onclick%3D%22event.preventDefault()%3B%22%3EMFA%20Prompt%20Locations%20for%20Microsoft%20Intune%20and%20Microsoft%20Intune%20Enrolment%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-877796696%22%20id%3D%22toc-hId-877796670%22%20id%3D%22toc-hId-877796670%22%20id%3D%22toc-hId-877796670%22%20id%3D%22toc-hId-877796670%22%20id%3D%22toc-hId-877796670%22%20id%3D%22toc-hId-877796670%22%20id%3D%22toc-hId-877796670%22%20id%3D%22toc-hId-877796670%22%20id%3D%22toc-hId-877796670%22%20id%3D%22toc-hId-877796670%22%20id%3D%22toc-hId-877796670%22%20id%3D%22toc-hId-877796670%22%20id%3D%22toc-hId-877796670%22%20id%3D%22toc-hId-877796670%22%20id%3D%22toc-hId-877796670%22%20id%3D%22toc-hId-877796670%22%3EUsing%20the%20enrolled%20device%20with%20user%20device%20affinity%20but%20without%20Azure%20AD%20registration%3C%2FH3%3E%0A%3CP%3EFor%20both%20iOS%2FiPadOS%20and%20macOS%2C%20user%20device%20affinity%20in%20Intune%20is%20established%20when%20users%20land%20on%20the%20home%20screen%20after%20the%20setup%20screens.%20However%2C%20the%20device%20will%20not%20be%20fully%20registered%20with%20Azure%20AD%20until%20the%20additional%20Company%20Portal%20login%20as%20mentioned%20above.%20That%20is%20also%20when%20device%20compliance%20is%20assessed%2C%20and%20the%20device%20shows%20up%20as%20compliant%20in%20the%20Microsoft%20Endpoint%20Manager%20admin%20center.%20If%20you%20would%20like%20to%20keep%20the%20device%20as%20fully%20enrolled%20with%20Intune%20but%20without%20Azure%20AD%20registration%2C%20that%20is%20also%20supported.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOnce%20enrollment%20is%20completed%20during%20Setup%20Assistant%2C%20the%20end%20user%20lands%20on%20the%20home%20screen%20and%20can%20freely%20use%20the%20device.%20If%20there%20are%20no%20resources%20protected%20by%20Conditional%20Access%20and%20if%20Azure%20AD%20registration%20is%20not%20required%2C%20then%20this%20authentication%20method%20can%20be%20used%20to%20fully%20enroll%20the%20device.%20Note%20the%20following%20device%20behavior%20if%20you%20choose%20this%20automated%20device%20enrollment%20flow%20without%20guiding%20end%20users%20to%20login%20to%20the%20Company%20Portal%20post%20enrollment%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EThe%20device%20will%20not%20show%20up%20in%20a%20given%20user%E2%80%99s%20device%20list%20in%20the%20Azure%20AD%20portal%20(since%20there%20is%20no%20device%20identity%20association%20within%20Azure%20AD).%3C%2FLI%3E%0A%3CLI%3EThe%20device%20will%20not%20show%20up%20as%20compliant%20in%20the%20Microsoft%20Endpoint%20Manager%20admin%20center.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--929657767%22%20id%3D%22toc-hId--929657793%22%20id%3D%22toc-hId--929657793%22%20id%3D%22toc-hId--929657793%22%20id%3D%22toc-hId--929657793%22%20id%3D%22toc-hId--929657793%22%20id%3D%22toc-hId--929657793%22%20id%3D%22toc-hId--929657793%22%20id%3D%22toc-hId--929657793%22%20id%3D%22toc-hId--929657793%22%20id%3D%22toc-hId--929657793%22%20id%3D%22toc-hId--929657793%22%20id%3D%22toc-hId--929657793%22%20id%3D%22toc-hId--929657793%22%20id%3D%22toc-hId--929657793%22%20id%3D%22toc-hId--929657793%22%20id%3D%22toc-hId--929657793%22%3EKeep%20in%20my%20mind%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3EIf%20you%20choose%20%22Setup%20assistant%20with%20Modern%20Authentication%22%20as%20the%20authentication%20method%20when%20creating%20a%20profile%20for%20a%20device%20not%20running%20the%20correct%20software%20version%2C%20users%20will%20fall%20back%20to%20the%20legacy%20setup%20assistant%20Automated%20Device%20Enrollment%20flow.%3C%2FLI%3E%0A%3CLI%3EFor%20iOS%2FiPadOS%2C%20we%20recommend%20selecting%20to%20install%20the%20Company%20Portal%20app%20from%20a%20VPP%20token%20in%20the%20enrollment%20profile.%20When%20VPP%20is%20used%2C%20the%20application%20can%20be%20downloaded%20and%20installed%20without%20user%20interaction.%20When%20VPP%20isn't%20used%2C%20an%20Apple%20ID%20is%20required%20to%20install%20the%20application.%20If%20the%20user%20doesn't%20log%20into%20an%20Apple%20ID%20during%20Setup%20Assistant%20they%20will%20be%20prompted%20to%20log%20in%20when%20Intune%20attempts%20to%20install%20the%20Company%20Portal.%3CUL%20class%3D%22lia-list-style-type-circle%22%3E%0A%3CLI%3EFor%20more%20information%20about%20connecting%20Intune%20to%20Apple%20Volume%20Purchase%20Program%20(VPP)%2C%20see%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fapps%2Fvpp-apps-ios%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EManage%20Apple%20volume-purchased%20apps%20-%20Microsoft%20Intune%20%7C%20Microsoft%20Docs%3C%2FA%3E.%20Once%20you%20have%20connected%20to%20VPP%20you%20can%20add%20the%20Company%20Portal%20app%20to%20your%20Apple%20Business%20Manager%2FApple%20School%20Manager%20inventory%20so%20it%20can%20be%20assigned%20through%20Intune.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ELet%20us%20know%20if%20you%20have%20any%20questions%20by%20commenting%20on%20this%20post%20or%20reaching%20out%20to%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FIntuneSuppTeam%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%40IntuneSuppTeam%3C%2FA%3E%20on%20Twitter.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2279061%22%20slang%3D%22en-US%22%3E%3CP%3EWe%E2%80%99re%20excited%20to%20announce%20support%20for%20a%20new%20authentication%20method%20for%20Automated%20Device%20Enrollment%20(ADE)%20which%20is%20Setup%20Assistant%20with%20Modern%20Authentication%20in%20public%20preview%20in%20Microsoft%20Endpoint%20Manager!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22BlogDefault.png%22%20style%3D%22width%3A%20295px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F274048iF3A9E48F2AD52105%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22BlogDefault.png%22%20alt%3D%22BlogDefault.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2279061%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EiOS%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EmacOS%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Emodern%20authentication%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPublic%20Preview%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESetup%20Assistant%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2329951%22%20slang%3D%22en-US%22%3ERe%3A%20Setup%20Assistant%20with%20Modern%20Auth%20for%20ADE%20(iOS%2FiPadOS%2013%2B%20and%20macOS%2010.15%2B)%20-%20Intune%20Public%20Previ%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2329951%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226779%22%20target%3D%22_blank%22%3E%40Intune%20Support%20Team%3C%2FA%3E%26nbsp%3B%20Thankyou%20for%20sharing%20the%20feature%20update.%20Definitely%20this%20is%20exciting%20and%20adds%20a%20lot%20of%20benefits.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWould%20like%20to%20share%20the%20observations%20that%2C%20once%20the%20device%20lands%20home%20screen%20and%20Company%20portal%20is%20installed%20the%20device%20checks%20in%20automatically%20and%20device%20records%20is%20created%20on%20MEM%20console%20and%20the%20device%20is%20marked%20complaint%20without%20having%20to%20manually%20login%20to%20Company%20portal%20.%3C%2FP%3E%3CP%3ENote-%20the%20articles%20described%20that%20CP%20login%20is%20required%20once%20the%20device%20lands%20home%20screen%20to%20access%20CA%20protected%20apps.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2330896%22%20slang%3D%22en-US%22%3ERe%3A%20Setup%20Assistant%20with%20Modern%20Auth%20for%20ADE%20(iOS%2FiPadOS%2013%2B%20and%20macOS%2010.15%2B)%20-%20Intune%20Public%20Previ%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2330896%22%20slang%3D%22en-US%22%3E%3CP%3EWhen%20(date)%20Setup%20Assistant%20with%20Modern%20Auth%20will%20be%20Generally%20available%3F%3CBR%20%2F%3Ewhat%20is%20the%20risk%20in%20testing%20this%20feature%20in%20Production%20devices..%20anything%20specific%20we%20need%20to%20be%20careful%20of%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2333229%22%20slang%3D%22en-US%22%3ERe%3A%20Setup%20Assistant%20with%20Modern%20Auth%20for%20ADE%20(iOS%2FiPadOS%2013%2B%20and%20macOS%2010.15%2B)%20-%20Intune%20Public%20Previ%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2333229%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F999002%22%20target%3D%22_blank%22%3E%40gokulansubramani%3C%2FA%3E%2C%3C%2FP%3E%3CP%3EOnly%20your%20context%20of%20your%20company%20can%20help%20you%20for%20this%20kind%20of%20decision.%3C%2FP%3E%3CP%3EI%20recommend%20to%20test%20using%20spare%20devices%20and%20if%20you%20feel%20confident%20to%20try%20with%20production%20devices%20you%20accept%20the%20risk%20of%20enhancement%20or%20changes%20after%20the%20product%20team%20change%20something.%20You%20also%20have%20to%20consider%20your%20rollback%20capabilities%20and%20your%20business%20impact%20for%20each%20scenarios.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F226779%22%20target%3D%22_blank%22%3E%40Intune%20Support%20Team%3C%2FA%3E%26nbsp%3B%20can%20also%20advise%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBR%2C%3C%2FP%3E%3CP%3EAEL%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2362791%22%20slang%3D%22en-US%22%3ERe%3A%20Setup%20Assistant%20with%20Modern%20Auth%20for%20ADE%20(iOS%2FiPadOS%2013%2B%20and%20macOS%2010.15%2B)%20-%20Intune%20Public%20Previ%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2362791%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F999002%22%20target%3D%22_blank%22%3E%40gokulansubramani%3C%2FA%3E%2C%20thanks%20for%20the%20comment!%26nbsp%3BThough%20we%20don't%20have%20any%20ETAs%20to%20currently%20share%2C%20stay%20tuned%20to%20this%20post%20for%20any%20future%20updates%20as%20well%20as%20our%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FMEMID%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EIn%20development%3C%2FA%3E%20and%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FMEMWN%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EWhat's%20new%3C%2FA%3E%20docs%20for%20new%20announcements%20regarding%20this%20feature.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAdding%20on%20to%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F65545%22%20target%3D%22_blank%22%3E%40Aldo%20ELIAS%3C%2FA%3E's%20comment%2C%20you%20may%20want%20to%20start%20with%20a%20pilot%20or%20test%20group%20before%20rolling%20this%20feature%20to%20your%20environment.%26nbsp%3BAfter%20a%20successful%20pilot%2C%20you're%20ready%20to%20start%20a%20full%20production%20rollout.%20For%20more%20info%20on%20user%2Fdevice%20targeting%2C%20see%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Ffundamentals%2Fgroups-add%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eadd%20groups%20to%20organize%20users%20and%20devices%3C%2FA%3E%26nbsp%3Bto%20learn%20more.%20Hope%20this%20helps!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2381759%22%20slang%3D%22en-US%22%3ERe%3A%20Setup%20Assistant%20with%20Modern%20Auth%20for%20ADE%20(iOS%2FiPadOS%2013%2B%20and%20macOS%2010.15%2B)%20-%20Intune%20Public%20Previ%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2381759%22%20slang%3D%22en-US%22%3E%3CP%3EI%20started%20using%20the%20%22%3CSPAN%3ESetup%20Assistant%20with%20modern%20authentication%20(preview)%22%20and%20it%20seems%20to%20work%20well%20and%20the%20process%20works%20as%20expected.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20did%20run%20into%20an%20issue%20when%20trying%20to%20enroll%20a%20device%20using%20a%20DEM%20account%20following%20the%20same%20process%2C%20enrollment%20profile.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EOnce%20the%20Company%20Portal%20setup%20starts%2C%20I%20get%20a%20%22There%20isn't%20a%20device%20setup%20for%20this%20account%20yet%22%20error%20and%20it%20does%20not%20allow%20me%20to%20proceed%2C%20thus%20device%20does%20not%20register.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyone%20else%20having%20the%20same%20issue%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2395336%22%20slang%3D%22en-US%22%3ERe%3A%20Setup%20Assistant%20with%20Modern%20Auth%20for%20ADE%20(iOS%2FiPadOS%2013%2B%20and%20macOS%2010.15%2B)%20-%20Intune%20Public%20Previ%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2395336%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20will%20MS%20support%20MFA%20durin%20ADE%3F%3CBR%20%2F%3ERight%20now%20if%20we%20have%20MFA%20requirments%20during%20Intune%20enrollment%20with%20Setup%20assistant%20with%20Modern%20auth%2C%20user%20are%20stuck%20to%20move%20on%20IF%20they%20dont%20have%20a%20second%20device%20to%20configure%20MFA%20on%3F%3CBR%20%2F%3E%3CBR%20%2F%3EIs%20there%20any%20plan%20on%20creating%20cloud%20app%20%22Company%20portal%22%20where%20you%20can%20choose%20to%20set%20MFA%20requirement%20during%20Company%20portal%20sign%20in%20instead%20during%20setup%20assistant%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThat%20will%20help%20us%20move%20forward%20with%20our%20ADE%20solution%20that%20requires%20MFA.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2280560%22%20slang%3D%22en-US%22%3ERe%3A%20Setup%20Assistant%20with%20Modern%20Auth%20for%20ADE%20(iOS%2FiPadOS%2013%2B%20and%20macOS%2010.15%2B)%20-%20Intune%20Public%20Previ%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2280560%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20made%20some%20progress.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUnder%20DEP%20Profile%2C%20tenant%20admin%20%26gt%3B%20customization%2C%20I%20changed%20this%20setting%20'Device%20enrollment'%20to%20'Available%2C%20no%20prompts'%20from%20'Available%2C%20with%20Prompts'.%26nbsp%3BAdditionally%2C%20I%20removed%20my%20own%20account%20as%20an%20enrollment%20manager.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20these%20two%20steps%20removed%20the%20additional%20profile%20download%20is%20no%20longer%20occurring.%20In%20%22Comp%20Portal%22%20under%20'Devices'%20it%20displays%20says%20%22Register%20this%20device%22%20for%20my%20iPad%2C%20but%20otherwise%20compliant%20with%20policies%20and%20the%20iPad%20is%20shown%20in%20the%20endpoint%20manager%20and%20I%20am%20able%20to%20use%20functions%20from%20there%20on%20the%20device.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELet%20us%20know%20if%20any%20of%20this%20is%20expected%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2464153%22%20slang%3D%22en-US%22%3ERe%3A%20Setup%20Assistant%20with%20Modern%20Auth%20for%20ADE%20(iOS%2FiPadOS%2013%2B%20and%20macOS%2010.15%2B)%20-%20Intune%20Public%20Previ%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2464153%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F206637%22%20target%3D%22_blank%22%3E%40Joel%20Gonzalez%3C%2FA%3E%2C%20thanks%20for%20the%20feedback!%3C%2FP%3E%0A%3CP%3EThere%20are%20a%20few%20limitations%20of%20devices%20that%20are%20enrolled%20with%20a%20DEM%20account%20and%20would%20like%20to%20share%20that%20DEM%20accounts%20cannot%20be%20used%20when%20enrolling%20devices%20via%20Apple's%20Automated%20Device%20Enrollment%20(ADE).%20See%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fmem%2Fintune%2Fenrollment%2Fdevice-enrollment-manager-enroll%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnroll%20devices%20using%20a%20device%20enrollment%20manager%20account%3C%2FA%3E%20to%20learn%20more%20about%20current%20limitations.%3C%2FP%3E%0A%3CP%3EIf%20you%20continue%20to%20experience%20the%20same%20%22There%20isn't%20a%20device%20setup%20for%20this%20account%20yet%22%20error%20not%20working%20as%20expected%2C%20let%E2%80%99s%20get%20you%20over%20to%20our%20support%20folks%20for%20further%20investigation.%20Please%20open%20a%20support%20request%20from%20within%20the%20Help%20%2B%20support%20blade%2C%20or%20any%20of%20the%20methods%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FIntuneSupport%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehere%3C%2FA%3E.%20Once%20created%2C%20feel%20free%20message%20us%20with%20your%20support%20case%20number%20so%20that%20we%20can%20have%20an%20eye%20on%20the%20case.%20Thanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Intune Support Team
Version history
Last update:
Sep 02 2021 08:34 AM
Updated by:
Intune Support Team
Labels
* ios 42
* macOS 8
* modern authentication 1
* Public Preview 2
* Setup Assistant 1
Browse
Skip to primary navigation
WHAT'S NEW
* Surface Pro X
* Surface Laptop 3
* Surface Pro 7
* Windows 10 Apps
* Office apps
MICROSOFT STORE
* Account profile
* Download Center
* Microsoft Store support
* Returns
* Order tracking
* Store locations
* Buy online, pick up in store
* In-store events
EDUCATION
* Microsoft in education
* Office for students
* Office for schools
* Deals for students and parents
* Microsoft Azure in education
ENTERPRISE
* Azure
* AppSource
* Automotive
* Government
* Healthcare
* Manufacturing
* Financial Services
* Retail
DEVELOPER
* Microsoft Visual Studio
* Window Dev Center
* Developer Network
* TechNet
* Microsoft developer program
* Channel 9
* Office Dev Center
* Microsoft Garage
COMPANY
* Careers
* About Microsoft
* Company News
* Privacy at Microsoft
* Investors
* Diversity and inclusion
* Accessibility
* Security
* Sitemap
* Contact Microsoft
* Privacy
* Manage cookies
* Terms of use
* Trademarks
* Safety and eco
* About our ads
* © 2021 Microsoft
Auto-suggest helps you quickly narrow down your search results by suggesting
possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting
possible matches as you type.